tis 2007-03-20 klockan 21:53 +0100 skrev Thomas M Steenholdt:
> However, since we're talking about the default configuration
> here, I feel this would make it "too hard" to get sshd set up initally.
> If we disable password auth completely, we would have to manually put
> public keys in place via USB keys or something. That's too much work.
Yes, correct, an ssh server that's on by default but with password auth
disabled is pointless, because it's completely unusable. There's no
point in requiring people to fiddle with it to make it work. Either you
leave it in a usable state by default or you disable it completely by
default.
Disabling it also has the advantage of one less open port where a
machine that's not receiving updates (fast enough) can potentially be
exploited.
Really, if someone can type "ssh foo bar", is it too much to ask that
they log on to bar locally and type "/sbin/chkconfig sshd
on; /sbin/service sshd start"?
> Lets settle for a default configuration with a good balance between
> usability and security. Like perhaps disabling root login or something.
Taking over a user account is really almost as bad as root access. The
typical desktop user is thoroughly screwed regardless.
So:
How about a checkbox in anaconda or firstboot like this?
[ ] Enable remote (network) access to this computer? (OpenSSH)
Note, defaults to off.
/abo